I'm sorry I forgot to add LOCAL_SANITIZE := address to Android.mk for app_process. So the binary /system/bin/asan/app_process64 was not sanitized.
Now all works fine. Thank you

On Tuesday, October 10, 2017 at 6:33:07 PM UTC+3, Francis Ricci wrote:
>
> You should use LD_PRELOAD to load the ASan dso, or interception (and
> memory mapping) won't be set up properly.
>
> On Tue, Oct 10, 2017 at 11:07 AM, <[email protected]> wrote:
> > Who should load libclang_rt.asan-aarch64-android.so? A sanitized executable
> > or a sanitized library?
> >
> > I have two binaries compiled with asan: /system/bin/asan/app_process64 and
> > /system/lib64/asan/libart.so
> > In my case libclang_rt.asan-aarch64-android.so is loaded by libart.so. And
> > there is no libc.so in the soinfo_list after libart.so.
> > Maybe app_process64 should load libclang_rt.asan-aarch64-android.so?
> >
> >
> > On Tuesday, October 10, 2017 at 5:16:16 PM UTC+3, [email protected] wrote:
> >>
> >> I found that GetRealFunctionAddress returns 0 for all intercepted libc
> >> functions.
> >> Probably the problem is in bionic
> >>
> >> On Tuesday, October 10, 2017 at 3:59:18 PM UTC+3, [email protected]
> >> wrote:
> >>>
> >>> Hello,
> >>>
> >>> I'm trying to run an ASAN application on Android O and the application
> >>> crashes with the following stacktrace:
> >>>
> >>> 10-10 14:10:34.490 15270 15270 F DEBUG : #00 pc 000000000006af38 /system/lib64/libc.so (tgkill+8)
> >>> 10-10 14:10:34.490 15270 15270 F DEBUG : #01 pc 000000000001e050 /system/lib64/libc.so (abort+88)
> >>> 10-10 14:10:34.490 15270 15270 F DEBUG : #02 pc 000000000008ce88 /system/lib64/libclang_rt.asan-aarch64-android.so (_ZN11__sanitizer5AbortEv+60)
> >>> 10-10 14:10:34.490 15270 15270 F DEBUG : #03 pc 0000000000092d40 /system/lib64/libclang_rt.asan-aarch64-android.so (_ZN11__sanitizer3DieEv+152)
> >>> 10-10 14:10:34.490 15270 15270 F DEBUG : #04 pc 000000000007e26c /system/lib64/libclang_rt.asan-aarch64-android.so (_ZN6__asanL15AsanCheckFailedEPKciS1_yy+284)
> >>> 10-10 14:10:34.490 15270 15270 F DEBUG : #05 pc 0000000000092dc4 /system/lib64/libclang_rt.asan-aarch64-android.so (_ZN11__sanitizer11CheckFailedEPKciS1_yy+116)
> >>> 10-10 14:10:34.490 15270 15270 F DEBUG : #06 pc 000000000006e06c /system/lib64/libclang_rt.asan-aarch64-android.so (_ZL28InitializeCommonInterceptorsv+15476)
> >>> 10-10 14:10:34.490 15270 15270 F DEBUG : #07 pc 0000000000069c70 /system/lib64/libclang_rt.asan-aarch64-android.so (_ZN6__asan26InitializeAsanInterceptorsEv+36)
> >>> 10-10 14:10:34.490 15270 15270 F DEBUG : #08 pc 000000000007d8cc /system/lib64/libclang_rt.asan-aarch64-android.so (_ZN6__asanL16AsanInitInternalEv+348)
> >>> 10-10 14:10:34.490 15270 15270 F DEBUG : #09 pc 00000000000e0f3c /system/lib64/asan/libart.so (asan.module_ctor+4)
> >>> 10-10 14:10:34.490 15270 15270 F DEBUG : #10 pc 000000000001f4b8 /system/bin/linker64 (__dl__ZL10call_arrayIPFviPPcS1_EEvPKcPT_mbS5_+276)
> >>> 10-10 14:10:34.490 15270 15270 F DEBUG : #11 pc 000000000001f6e8 /system/bin/linker64 (__dl__ZN6soinfo17call_constructorsEv+396)
> >>> 10-10 14:10:34.490 15270 15270 F DEBUG : #12 pc 000000000000c0cc /system/bin/linker64 (__dl__Z9do_dlopenPKciPK17android_dlextinfoPKv+1460)
> >>> 10-10 14:10:34.490 15270 15270 F DEBUG : #13 pc 0000000000008f84 /system/bin/linker64 (__dl__Z8__dlopenPKciPKv+68)
> >>> 10-10 14:10:34.490 15270 15270 F DEBUG : #14 pc 00000000000010cc /system/lib64/libdl.so (dlopen+12)
> >>> 10-10 14:10:34.491 15270 15270 F DEBUG : #15 pc 0000000000004d68 /system/lib64/libnativehelper.so (_ZN13JniInvocation4InitEPKc+136)
> >>> 10-10 14:10:34.491 15270 15270 F DEBUG : #16 pc 00000000000fbc08 /system/lib64/libandroid_runtime.so (_ZN7android14AndroidRuntime5startEPKcRKNS_6VectorINS_7String8EEEb+360)
> >>> 10-10 14:10:34.491 15270 15270 F DEBUG : #17 pc 00000000000025c0 /system/bin/asan/app_process64 (main+1624)
> >>> 10-10 14:10:34.491 15270 15270 F DEBUG : #18 pc 000000000001bab0 /system/lib64/libc.so (__libc_init+88)
> >>> 10-10 14:10:34.491 15270 15270 F DEBUG : #19 pc 0000000000001ec8 /system/bin/asan/app_process64 (do_arm64_start+80)
> >>>
> >>>
> >>> I know that CHECK(REAL(memcpy)) in the function
> >>> InitializeAsanInterceptors fails because REAL(memcpy) returns 0.
> >>> As I understand, this macro expands to __interception::real_memcpy. I see
> >>> that this variable is in the bss segment of the
> >>> libclang_rt.asan-aarch64-android.so library
> >>> and I can't find who assigns the address of the original memcpy function
> >>> to it.
> >>>
> >>> Could you point me to the right code or explain how it should work?
> >>> Maybe this is an already known issue and a patch already exists?
> >>>
> >>>
> >>> Thank you

--
You received this message because you are subscribed to the Google Groups "address-sanitizer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
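Added example, not part of the thread and not compiler-rt's own code: on Linux and Android the interception layer fills slots such as real_memcpy by calling dlsym(RTLD_NEXT, name), which only searches modules loaded after the caller. The sketch below reproduces that lookup and the CHECK that fired in the trace above; the names resolve_real and init_interceptors are hypothetical.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* glibc exposes RTLD_NEXT only with this defined */
#endif
#include <dlfcn.h>
#include <stddef.h>
#include <stdio.h>

#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *)-1L)  /* fallback: value used by glibc and LP64 bionic */
#endif

/* Stand-ins for __interception::real_memcpy etc.: zero (.bss) until resolved. */
void *(*real_memcpy)(void *, const void *, size_t);
size_t (*real_strlen)(const char *);

/* Look up the next definition of `name` after the calling module in the
 * dynamic linker's search order. Returns 1 on success, 0 if none exists. */
int resolve_real(const char *name, void **slot) {
    *slot = dlsym(RTLD_NEXT, name);
    return *slot != NULL;
}

/* Fill every slot and return how many stayed NULL; ASan instead aborts on
 * the first one, which is the CHECK(REAL(memcpy)) failure in the trace. */
int init_interceptors(void) {
    struct { const char *name; void **slot; } table[] = {
        { "memcpy", (void **)&real_memcpy },
        { "strlen", (void **)&real_strlen },
    };
    int unresolved = 0;
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        if (!resolve_real(table[i].name, table[i].slot)) {
            fprintf(stderr, "CHECK failed: REAL(%s) == 0\n", table[i].name);
            unresolved++;
        }
    }
    return unresolved;
}

int main(void) {
    if (init_interceptors() != 0) return 1;
    char buf[8];
    real_memcpy(buf, "asan", 5);
    printf("copied %zu bytes through the resolved pointer\n", real_strlen(buf) + 1);
    return 0;
}
```

Built as a normal dynamically linked executable (add -ldl on older glibc), every slot resolves because libc.so follows the executable in the search order.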
